[App Rejection] Automatic tests not passing

toobiza · ‎05-23-2022

During last days, our app is getting rejected by the automated test, see their message below.

The messages are bit confusing for two reasons. First the same explanation is given for both rejection requirements below. Also, the reason is mentioning a path for which we never redirect to as we never redirect to the root, we always redirect "auth" related paths as specified by the tuto here

For context,

We always check the HMAC as specified here and here
We set the security header for the iFrame like here
The installation test locally did not have any issue
We went through all previous posts in the forum but still were not able to fix it

Are we missing something? Can someone please help?

Thanks in advance

[Rejection message from Shopify]

```

Requirements that must be met before initial screening

App must set security headers to protect against clickjacking.
Your app does not request installation on the shop immediately after clicking "add app". Apps must ask a shop for access when being installed on a shop for the first time, as well as when they are being reinstalled after having been removed. During install or reinstall we expected OAuth to be initiated at https://cambridgetestshop.myshopify.com/admin/oauth/request_grant but was redirected to https://cambridgetestshop.myshopify.com/admin/apps/7e43b55c76c07b51ccb5e0147b85daf0/?hmac=8df4b10cd5.... Learn more about authentication in our developer documentation
App must verify the authenticity of the request from Shopify.
Your app does not request installation on the shop immediately after clicking "add app". Apps must ask a shop for access when being installed on a shop for the first time, as well as when they are being reinstalled after having been removed. During install or reinstall we expected OAuth to be initiated at https://cambridgetestshop.myshopify.com/admin/oauth/request_grant but was redirected to https://cambridgetestshop.myshopify.com/admin/apps/7e43b55c76c07b51ccb5e0147b85daf0/?hmac=8df4b10cd5.... Learn more about authentication in our developer documentation

```

Thomas_Lang1 · ‎05-23-2022

Hi!

We had this issue with one of our apps too, after add app button was clicked we redirected from our application to our authentication server first which would then start the oauth process.

Shopify does not like this, so maybe you are redirecting somewhere as well, could also mean redirecting to another route in your application.

you will need to make sure you go directly to oauth from the route that is being called to start the install process.

Software Developer | Owner of Tom IT - We build shopify apps
Marketplace Order Connector | Amazon bol.com & Walmart DSV
Order Related Documents | Print documents, Email document &Autoprint
Blog Product Spotlight | Add products to your blog articles!

View solution in original post

Thomas_Lang1 · ‎05-23-2022

Hi!

We had this issue with one of our apps too, after add app button was clicked we redirected from our application to our authentication server first which would then start the oauth process.

Shopify does not like this, so maybe you are redirecting somewhere as well, could also mean redirecting to another route in your application.

you will need to make sure you go directly to oauth from the route that is being called to start the install process.

Software Developer | Owner of Tom IT - We build shopify apps
Marketplace Order Connector | Amazon bol.com & Walmart DSV
Order Related Documents | Print documents, Email document &Autoprint
Blog Product Spotlight | Add products to your blog articles!

[App Rejection] Automatic tests not passing

[App Rejection] Automatic tests not passing

Community Blog Articles